Security update for ucode-intel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20715-1 Final 1 1 2025-09-12T08:42:10Z current 2025-09-12T08:42:10Z 2025-09-12T08:42:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ucode-intel This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20250812 release (bsc#1248438) - CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. - CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access - CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Update for functional issues. - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) | ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) | EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5 | GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6 | GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6 | ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3 | LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor | MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Coreā„¢ Ultra Processor | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13 | SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 | SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores New Disclosures Updated in Prior Releases: All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-458 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520715-1/ Link for SUSE-SU-2025:20715-1 https://lists.suse.com/pipermail/sle-updates/2025-September/041739.html E-Mail link for SUSE-SU-2025:20715-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1248438 SUSE Bug 1248438 https://www.suse.com/security/cve/CVE-2025-20053/ SUSE CVE CVE-2025-20053 page https://www.suse.com/security/cve/CVE-2025-20109/ SUSE CVE CVE-2025-20109 page https://www.suse.com/security/cve/CVE-2025-22839/ SUSE CVE CVE-2025-22839 page https://www.suse.com/security/cve/CVE-2025-22840/ SUSE CVE CVE-2025-22840 page https://www.suse.com/security/cve/CVE-2025-22889/ SUSE CVE CVE-2025-22889 page https://www.suse.com/security/cve/CVE-2025-26403/ SUSE CVE CVE-2025-26403 page https://www.suse.com/security/cve/CVE-2025-32086/ SUSE CVE CVE-2025-32086 page SUSE Linux Micro 6.0 ucode-intel-20250812-1.1 ucode-intel-20250812-1.1 as a component of SUSE Linux Micro 6.0 Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-20053 SUSE Linux Micro 6.0:ucode-intel-20250812-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520715-1/ https://www.suse.com/security/cve/CVE-2025-20053.html CVE-2025-20053 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2025-20109 SUSE Linux Micro 6.0:ucode-intel-20250812-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520715-1/ https://www.suse.com/security/cve/CVE-2025-20109.html CVE-2025-20109 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. CVE-2025-22839 SUSE Linux Micro 6.0:ucode-intel-20250812-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520715-1/ https://www.suse.com/security/cve/CVE-2025-22839.html CVE-2025-22839 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2025-22840 SUSE Linux Micro 6.0:ucode-intel-20250812-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520715-1/ https://www.suse.com/security/cve/CVE-2025-22840.html CVE-2025-22840 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-22889 SUSE Linux Micro 6.0:ucode-intel-20250812-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520715-1/ https://www.suse.com/security/cve/CVE-2025-22889.html CVE-2025-22889 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-26403 SUSE Linux Micro 6.0:ucode-intel-20250812-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520715-1/ https://www.suse.com/security/cve/CVE-2025-26403.html CVE-2025-26403 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086 SUSE Linux Micro 6.0:ucode-intel-20250812-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520715-1/ https://www.suse.com/security/cve/CVE-2025-32086.html CVE-2025-32086 https://bugzilla.suse.com/1248438 SUSE Bug 1248438